# Security Updates - CVE-2018-10803 | ManageEngine OpManager

## CVE-2018-10803

### XSS vulnerability

## Vulnerability Details

| Vulnerability Details |  |
|---|---|
| Impact | **CVSS V3 rating: 10 (Critical)** |
| Reported | 20 Mar 2018 |
| Fixed | 25 April 2018 |
| Affected Builds | Till Build 123121 |
| Fixed in | Build 123122 |
| Overview | Cross-site scripting XSS vulnerability in 'Add credentials' |
| Recommended Fix | **Upgrade to [OpManager Version 12.3.239](https://www.manageengine.com/network-monitoring/service-packs.html) or above.** |

### Description

A Cross-site scripting XSS vulnerability was discovered in 'add credentials' page in OpManager before version 12.3.122. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted description value. This can be exploited through CSRF.

We recommend that you [upgrade to OpManager Version 12.3.122](https://www.manageengine.com/network-monitoring/service-packs.html) or above to fix this issue.

**Source and Acknowledgements**

Find out more about CVE-2018-10803 from the [CVE dictionary](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10803).

### Need Help?

For clarification or corrections please contact our [support team](https://www.manageengine.com/network-monitoring/support.html) or email us at [opmanager-support@manageengine.com](mailto:opmanager-support@manageengine.com).